Implementation Of An Organization Wide Security Plan

1112 words - 5 pages

Implementation of an Organization-Wide Security Plan
Implementation of an Organization-Wide Security
Purpose
The purpose of this security plan is to establish security requirements to have a controlled access to the information resources.
Scope
This plan applies to all users of information assets including employees, employees of temporary employment agencies, vendors, business partners, and contractor personnel.
Definitions
Definition of some of the common terms:
Authentication: is the process of determining whether someone or something is, in fact, who or what it is declared to be
Availability: Ensuring that authorized users have access to information and associated assets when ...view middle of the document...

A formal record of all registered users must be maintained. This record must be checked periodically for unused, redundant, or expired user accesses or accounts, or incorrect privileges.
Accounts that are inactive for a maximum period of 90 days must be disabled, after verification for a valid cause.
User accounts of personnel quitting must be removed immediately after their termination of job.
Privilege Management
All privileges to the users must be assigned through a formal authorization procedure and must ensure that no privileges are assigned before the completion of the authorization procedure.
All privileges must be allocated as and when required on a need to know basis.
Detailed records must be maintained for all privileges allocated.
User Password Management
All users must change their temporary password on first login.
In case of forgotten passwords, temporary passwords should be issued only after positive identification of the user.

Users should not store password on a computer or at a place, which has public access.
Review of User Access Rights
All user access rights must be reviewed every 6 months.
Review of all special privileged access rights must be carried out at an interval of 3 months.
User responsibilities
Password use
All users must follow the Password Policy.
Unattended user equipment
All users must enable password-protected screen savers on user desktops, portable computers/laptops, and servers.
For mainframe computers, users must log off after completion of their tasks.
Network access control
Policy on use of network services
Access to networks and network services must be specifically authorized in accordance with the organization User Access Control procedures.
Access to networks and network services will be controlled on the basis of business and security requirements, and access control rules defined for each network.
Network connection control
A Service Policy Table must be formulated for each service that is allowed through each firewall.
All external connections by business partners and customers must be documented..
Network routing control
Appropriate routing control mechanisms must be deployed to restrict information flows to designated network paths within the control of the organization.
Network routing controls must be based on positive source and destination address checking mechanisms.
Security of network services
The organization must obtain detailed descriptions of the security attributes of any external services from external Network services providers
Security attributes description must establish the confidentiality, integrity, and availability of business applications and the level of controls (if any) required to be applied
Operating system access control
Terminal log-on procedures
The terminal logon procedure must...

Other assignments on Implementation Of An Organization-Wide Security Plan

532 words - 3 pages
planning process, and finally it will deliver a professional report detailing the information above for any interested parties.
Summary of Compliance Laws and Regulations:
1. FISMA:
I. FISMA is the Federal Information Security Management act developed to ensure that federal agencies protect their data.
II. To be compliant with FISMA we must Develop an agency wide program to provide information security and have annual inspections to

3778 words - 16 pages
attorney. Unless otherwise noted, HIPAA COW has not addressed all state pre-emption issues related to this Guide and the Toolkit documents. Therefore, these documents may need to be modified in order to comply with Wisconsin/State law.
The Toolkit provides an example HIPAA Security Risk Assessment and documents to support completing a Risk Analysis and Risk Mitigation Implementation Plan. While it covers a broad spectrum of the requirements

1741 words - 7 pages
for planning, implementing, and management of the ISMS plan. The ISMS outline, network drawing, and additional recommended steps will be discussed below.
A1. Business Objectives
The first step of any ISMS is the identification of the business objects that need to be included in the planning and maintenance of an organization. Listed below are HBWC’s major objects to be considered when developing ISMS. (Arnason, S, & Willett, K.D, 2008)
Staff

3346 words - 14 pages
an organization should be the key consideration rather than the profit on the network investment.
• Assumptions should not be made on possible sources of network vulnerabilities. Network threats and risk emanates from both within the organization and external sources.
• Security threats should never be tackled in piecemeal. A unified strategy, which protect the entire network should be put in place when handling security challenges.
• Network

2451 words - 10 pages
the contents of the system security plan during the initiation phase, the certification agent can begin the assessment of the security controls in the information system. The certification agent is an individual, group, or organization responsible for conducting a security certification, or comprehensive assessment of the information system and to ensure the creditability of the assessment result should be an outside expert that is independent

400 words - 2 pages
monitoring of the strategy after its implementation. Strategy monitoring entails evaluating the strategy to determine if it yeilds the anticipated results as espoused in the organizational goals. In the final stage an organization determines what areas of the plan to measure and the methods of measuring these areas, and then compares the anticipated results with the actual ones. Through monitoring, an organization is able to understand when and how to adjust the plan to adapt to chaning trends.

417 words - 2 pages
There are several ethical issues that arise in information security. The security is one of most issue of concern for every business organization. Ethics is a term which is used to distinguish between right or wrong things. Ethical issues in computer security includes cybercrimes, computer hacking and information warfare. In an Internet world, many banking organizations are attacked by attackers and millions of credit card details stolen every

5140 words - 21 pages
optimal leadership and implemintation models of organizational change.
-To develop recommendations and program on company’s preparation for organizational transformation taking into account the scale of estimated change and readiness of the organization for them.
The course of diagnosis:
-Identification of key stakeholders and an assessment of possible scenarios of their effect on the change implementation process.
-Assessment of the horizon

1290 words - 6 pages
above security steps are only backups of an original electronic document. The paper copies will also be at one of the company’s off-site storage facilities. This is to preserve issues related to weather like tornadoes, hurricane, flood zones, etc.
Database Risks and Security Requirements
As stated earlier in this document, the benefit election system needs to have a way of saving the data collected, and it is this data that the organization

2691 words - 11 pages
and training program. Those steps are Awareness and Training Program Design, Awareness and Training Material Development, Program Implementation and Post-Implementation. The design step consists of providing for an agency wide needs assessment and a training strategy to be developed and approved. This strategic planning document identifies implementation tasks to be performed in support of established agency security training goals. This step

926 words - 4 pages
. Next the committee will need to determine the methods, processes, communication techniques, resources, and type of system that will be used through the selection and acquisition process. They must decide upon what it is that we need or want our system to do. What is the purpose in us implementing this system and what do we plan to gain from it, goals must be set. These goals will set the tone for how the organization will drive the information

Similar Documents

2964 words - 12 pages
AN ANALYSIS OF THE CULTURE OF AN ORGANIZATION
The Student’s Name
The Name of the Class
Professor
The Name of the University
The city and State where it is Located
The Date
Contents
1.0 Background to the Organization...........................................................................................4
2.0 Theoretical Framework

2529 words - 11 pages
for an organization to avoid the difficulties associated with this change. In order to reduce employees’ resistance to ERP implementation, top management of the organization must analyze these sources of resistance and must employ the appropriate set of strategies to counter them. With the complex organizational problem of workers’ resistance to ERP implementation, we used the following components of overcoming change resistance

3061 words - 13 pages
marketing plan is measured. Although, data from Social Media while an excellent resource for measuring success also could require software or a third party to compile the data into a useful format (Henry, 2014).
Promotion
Because the target market for the Pet Buddy is pet owners with disposable income. Part of our marketing plan is to offer Pet Buddy to veterinarians for personal use. In return, these veterinarians will promote the product to his